The vulnerability exists due to insufficient filtering of user-supplied data passed via the 'img_id' parameter to the '/index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to bypass authentication and gain access to the admin panel.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The attacker can inject malicious SQL queries through the vulnerable parameter 'galid' and gain access to the database.
An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.
The vulnerability exists due to insufficient filtering of user-supplied data passed via the 'categ' parameter to the 'index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to bypass authentication and gain access to the administrative panel.
An attacker can exploit a SQL injection vulnerability in Koobi Pro 6.25 by sending a maliciously crafted HTTP request to the vulnerable application. This request contains a specially crafted SQL statement that, when executed, returns the email and password of the admin user from the kpro_user table. The attacker can then use this information to gain access to the application.
Prediction Football is a program that provides a web-based administration config and automated prediction leagues. It supports multiple languages, makes predictions simultaneously, lets you message other users and is capable of multiple fixture creation. It requires a web server with support for PHP 4.0 or greater and a MySQL database. The program is very easy to download, install and execute. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable server with the following payload: http://target.domain/[path]/showpredictionsformatch.php?sid=dupa&matchid=-666/**/union/**/select/**/1,2,3,concat(0x757365723a,username),concat(0x7061737377643a,password),6,7/**/from/**/pluserdata/**/WHERE/**/userid=1/*, where userid=1 is the admin user.
SuperNET Shop v1.0 is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries and gain access to unauthorized information. This issue affects the 'id' parameter of the 'guncelle.asp' script. An attacker can exploit this issue to bypass the authentication process and gain access to the administrative panel. The attacker can supply the username and password fields with the value 'or' to bypass the authentication process.
LokiCMS is vulnerable to PHP code injection due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.
The Pligg content management system is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. To exploit this, an attacker needs the ID of a news item they submitted and the ID of a news item submitted by others. When the LIKE statement matches, the attacker will get a 'Not your link' error.
ExBB <= 0.22 is vulnerable to multiple file inclusion and code execution issues due to improper input validation. The vulnerability is caused by the use of the register_globals, allow_url_fopen, and allow_url_include PHP directives. An attacker can exploit this vulnerability by sending malicious requests to the vulnerable server.